Single Sign-On (SSO)

❗️

Deployment Instance URL

The deployment instance URL is the base URL that you use to access your Validio instance. For example, https://my-company.validio.io.

Google Workspace

1. Set up a custom SAML app in the Google Workspace Admin console, with your Validio deployment information:

   • ACS URL: [Deployment instance URL]/login/saml2
   • IdP Entity ID: [Deployment instance URL]/saml2
   • Name ID format: [EMAIL]
   • Leave other fields as default

2. Add a new identity provider in Validio:

   • Entry point / SSO URL: https://accounts.google.com/o/saml2/idp?idpid=[Identity provider ID]
   • Entity ID: [Deployment instance URL]/saml2
   • Certificate: The certificate (string value) is found in the Google Workspace Admin console or in the IDP metadata.

For information, refer to Google Workspace Admin Help: Set up your own custom SAML application.

JumpCloud

1. Set up a custom SAML app in the JumpCloud admin console , with your Validio deployment information:

   • Entity ID: [Deployment instance URL]/saml2
   • SP Entity ID: [Deployment instance URL]/saml2
   • Assertion Consumer Service (ACS) URL: [Deployment instance URL]/login/saml2
   • SAMLSubject NameId Format: select urn:oasis:names:tc:SAML:1:1:nameid-format:emailAddress
   • Signature Algorithm: RSA-SHA256
   • Select the 'Sign Assertion' option

2. Add a new identity provider in Validio:

   • Entry point / SSO URL: Same value as IDP URL for your application in JumpCloud
   • Entity ID: [Deployment instance URL]/saml2
   • Certificate: Download the certificate under JumpCloud> SSO Applications> your configured application > IDP Certificate valid > Download certificate (paste the entire content of the downloaded certificate.pem into this field)

Microsoft Entra ID

1. Setup an Enterprise Application using SAML
   • Identifier (Entity ID): [Deployment instance URL]/saml2
   • Reply URL (ACS URL): [Deployment instance URL]/login/saml2
2. Add a new identity provider in Validio:
   • Entry point / SSO URL: https://login.microsoftonline.com/[TenantID]/saml2
   • Entity ID: [Deployment instance URL]/saml2
   • Certificate: Download the Base64 version on Entra> Single sign-on> SAML Certificates and paste the string to the Certificate field on Validio.

Okta

1. Setup an Enterprise Application using SAML
   • Single Sign on URL [Deployment instance URL]/login/saml2
   • Audience URI (SP Entity ID): [Deployment instance URL]/saml2
   • Name ID format: Email Address
2. Add a new identity provider in Validio
   • Entry point / Identity Provider SSO URL: https://your-okta-domain/.../sso/saml
   • Entity ID: [Deployment instance URL]/saml2
   • Certificate: Find under Application > Sign On > Signing Certificate > Copy

CyberArk

1. Setup an Enterprise Application using SAML.

   Under Manual Configuration, fill in the following information:

   • SP Entity ID / Issuer / Audience: [Deployment instance URL]/saml2
   • Assertion Consumer Service (ACS) URL: [Deployment instance URL]/login/saml2
   • Recipient: Same as ACS URL
   • Sign Response or Assertion: Both
   • Name ID format: emailAddress

2. Add a new identify provider in Validio

   • Entry point / SSO URL: Find under Identity Provider Configuration > Metadata > Single Sign On URL, and should be formatted as https://xxxx.my.idaptive.app/applogin/appKey/xxxxxx/customerId/xxxxx
   • Certificate: Find under Identity Provider Configuration > Metadata > Signing Certificate.